Node certificate generation
1. The default script generates synchronous node configuration
In use
./prepare_pk.sh
When generating chain configuration, the default
crypto-config\wx-org1.chainmaker.org\node
The certificate files of two types of nodes are generated in it, one is the consensus node consensus1, and the other is the synchronization node common1.
2. Generate a synchronization node certificate through chainmaker-cryptogen or self-built CA certificate service
Synchronous node configuration generation
In the startup node configuration file, there is only the startup configuration of the consensus node. If you need to start the synchronization node, you need to add a new synchronization node configuration. The specific steps are as follows:
1. 复制部署包
$ cd build/release
$ cp -rf chainmaker-v2.0.0-wx-org1.chainmaker.org chainmaker-v2.0.0-wx-org1.chainmaker.org_common1
2. 把chainmaker-v2.0.0-wx-org1.chainmaker.org_common1/bin下所有的.sh脚本中所有wx-org1.chainmaker.org替换为wx-org1.chainmaker.org_common1
3. 重命名
$ cd build/release/chainmaker-v2.0.0-wx-org1.chainmaker.org_common1/config
$ mv wx-org1.chainmaker.org wx-org1.chainmaker.org_common1
4. 拷贝chainmaker-cryptogen扩展生成的crypto-config/wx-org1.chainmaker.org/node/common1 到 chainmaker-v2.0.0-wx-org1.chainmaker.org_common1/config/wx-org1.chainmaker.org_common1/certs/node下
5. 修改chainmaker.yml
把chainmaker-v2.0.0-wx-org1.chainmaker.org_common1/config/wx-org1.chainmaker.org_common1/chainmaker.yml中所有路径中包含的wx-org1.chainmaker.org替换为wx-org1.chainmaker.org_common1。注意这里是指所有的路径,千万别把node模块里边的org_id改了,这个org_id表示的是同步节点所属的组织。
修改node模块,把 certs/node/consensus1/consensus1.sign.key 修改为 certs/node/common1/common1.sign.key
修改node模块,把 certs/node/consensus1/consensus1.sign.crt 修改为 certs/node/common1/common1.sign.crt
修改net模块,把 certs/node/consensus1/consensus1.tls.key 修改为 certs/node/common1/common1.tls.key
修改net模块,把 certs/node/consensus1/consensus1.tls.crt 修改为 certs/node/common1/common1.tls.crt
修改net模块,把 listen_addr: /ip4/0.0.0.0/tcp/11301 修改为 listen_addr: /ip4/0.0.0.0/tcp/11306
修改rpc模块,把 certs/node/consensus1/consensus1.tls.crt 修改为 certs/node/common1/common1.tls.crt
修改rpc模块,把 certs/node/consensus1/consensus1.tls.key 修改为 certs/node/common1/common1.tls.key
修改rpc模块,把 port: 12301 修改为 port: 12306
修改monitor模块,把 port: 14321 修改为 port: 14326
修改pprof模块,把 port: 24321 修改为 port: 24326
6. 修改chainmaker-v2.0.0-wx-org1.chainmaker.org_common1/config/wx-org1.chainmaker.org_common1/chainconfig/bc1.yml中的trust_roots模块。
把所有 ../config/wx-org1.chainmaker.org 修改为 ../config/wx-org1.chainmaker.org_common1
7. 启动节点
$ cd build/release/chainmaker-v2.0.0-wx-org1.chainmaker.org_common1/bin
$ ./start.sh
8. End
Exception resolution
Problem 1: The synchronization node cannot start normally
[Blockchain] blockchain/chainmaker_server.go:192 init blockchain[chain1] failed, fail to initialize identity management service: [setup cert member failed, organization information in certificate and in input parameter do not match [certificate: wx-org1.chainmaker.org, parameter: wx-org1.chainmaker.org_common1]]
The reason for this exception is to replace the org_id in the node module with wx-org1.chainmaker.org_common1 when modifying wx-org1.chainmaker.org included in all paths in chainmaker.yml to wx-org1.chainmaker.org_common1 Yes, this org_id indicates the organization to which the synchronization node belongs. The organization ID of the node is wx-org1.chainmaker.org, so it can be restored to the suffix without common1.
Question 2: Synchronization node synchronization block error
2022-06-29 16:10:37.641 [ERROR] [Storage] @chain1 [email protected]/blockstore_impl.go:525 chain[chain1] failed to write log, block[1], err:out of order
2022-06-29 16:10:37.641 [ERROR] [Core] @chain1 common/committer.go:90 out of order
2022-06-29 16:10:37.641 [ERROR] [Core] @chain1 common/block_helper.go:961 cache add block err: out of order
2022-06-29 16:10:37.641 [ERROR] [Sync] @chain1 sync/routine.go:70 process msg failed, reason: failed add block to chain
2022-06-29 16:11:12.561 [ERROR] [Storage] @chain1 blockfiledb/blockfile.go:478 out of order, b.entry.index: 2 and l.lastIndex+uint64(1): 1
2022-06-29 16:11:12.561 [ERROR] [Storage] @chain1 blockfiledb/blockfile.go:481 your block file db is damaged or not use this feature before, please check your disable_block_file_db setting in chainmaker.yml
The reason for this exception is that some block data has been written to the file or db after the first startup due to incorrect configuration. After modifying the configuration file and restarting, the new synchronization node cannot be synchronized to the block from other consensus nodes. Data, at this time, it is necessary to clean up the block data generated by the previous incorrect startup. The cleaning method is to go to the data directory of the node configuration file and delete the folder below. If it is useful for mysql, you need to clean up all the databases related to mysql and nodes Delete it and restart the node to restore it.